syslog-ng is a system log daemon replacement designed to add additional
features and capabilities. A buffer overflow in the code that handles
syslog-ng's macro expansion can be exploited in a denial of service
attack and may, under some circumstances, be used to execute arbitrary
code with root permissions.

Users should watch their vendor for a repaired version or upgrade
syslog-ng to 1.5.21 for the devel version or 1.4.16 for the stable
version. Debian has released updated packages that fix this buffer
overflow.

The Heartbeat package for Linux provides a service that can be used to
implement system failover. Heartbeat is vulnerable to several format
string bugs that can be exploited by a remote attacker and may lead to
a root compromise under some conditions.

It is recommended that users upgrade to a repaired version of
heartbeat, that heartbeat be executed as a normal non-privileged user,
and that, if heartbeat is configured to listen to a UDP port, the
port be protected using a firewall. SuSE has released packages that
repair the format string bugs in heartbeat, configure it to run as
the user nobody, and repair a boot time problem.

dvips converts DVI format files into PostScript compatible files and
can be used as a print filter to allow the printing of DVI files.
dvips insecurely uses the system() function call and, when used as a
print filter, may be exploitable to execute arbitrary code with the
permissions of the user account that the print system is running as.

Affected users should upgrade dvips to a fixed version or remove it
from their system. Red Hat has released updated packages that repair
this problem.

The SNMP daemon that is a part of the net-snmp package is vulnerable
to a denial of service attack that uses a carefully created packet.
Before an attacker can exploit this denial of service attack, they must
know at least one SNMP community string, for example the "public"
read-only community string, which in many installations has not been
changed.

kpf is a small Web server designed to allow a user to easily share a
directory that can be docked in the KDE bar. kpf has a vulnerability
that allows a remote attacker to easily view any directory or file on
the system readable by the user running kpf. Versions of kpf
released with KDE 3.0.1 through KDE 3.0.3a are reported to be
vulnerable.

Users should upgrade to kdenetwork-3.0.4 or should not run kpf until
their vendor has released updated packages.

The gnome-gv and ggv PDF and PostScript viewers are vulnerable to the
same buffer overflow that is present in gv. An attacker can create a
PDF or PostScript file that, when read by gnome-gv or ggv, can cause
arbitrary code to be executed with the permissions of the user running
the process.

Users should upgrade gnome-gv and ggv to repaired versions as soon as
possible and should consider disabling them until they have been
updated.

Red Hat has released new Mozilla packages that repair several
vulnerabilities in versions prior to 1.0.1. These vulnerabilities
could be used by an attacker to read arbitrary data on the local
machine or under some conditions execute code as the user running
Mozilla.

Affected users should upgrade their Mozilla packages as soon as
possible.

A buffer overflow has been reported in the Cisco CatOS embedded HTTP
server that can affect some Cisco Catalyst switches. This buffer
overflow can be used by a remote attacker in a denial of service
attack. Versions of CatOS from 5.4 through 7.3 that contain a "cv" in
their image name are reported to be affected.

Cisco recommends that affected users upgrade their switch to a
repaired version of CatOS. Affected users should contact Cisco for
details.

It has been reported that PAM version 0.76 is vulnerable to a serious
security-related bug: PAM treats user passwords locked by placing "*"
in the password field as empty passwords and permits access to those
accounts without requiring a password if the user has a shell other
than /bin/false. The current unstable Debian release (sid) is affected
by this bug.

Affected users should upgrade to a repaired version of PAM and verify
the integrity of their system and their locked accounts.
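
One way to find the locked accounts worth reviewing, as an added
example that is not part of the original column: it lists accounts
whose password field is exactly "*" and whose shell is not /bin/false.
The passwd and shadow lines are constructed sample data, and looking
up the shadow entry when passwd holds "x" is an assumption about the
host's setup.

```python
# Added example: audit for accounts the PAM 0.76 bug would expose.
# Sample data below is constructed; on a real host read /etc/passwd and
# /etc/shadow (the shadow lookup for an "x" placeholder is an assumption).

NON_LOGIN_SHELL = "/bin/false"   # shell the advisory names as not affected
LOCK_MARK = "*"                  # lock marker named in the advisory


def parse_colon_file(text, min_fields):
    """Yield field lists from passwd/shadow style text, skipping junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            yield fields


def exposed_accounts(passwd_text, shadow_text=""):
    """Return sorted names of accounts locked with "*" that keep a shell
    other than /bin/false."""
    shadow = {f[0]: f[1] for f in parse_colon_file(shadow_text, 2)}
    hits = []
    for f in parse_colon_file(passwd_text, 7):
        name, pw, shell = f[0], f[1], f[6]
        if pw == "x":                      # password is kept in shadow
            pw = shadow.get(name, "")
        if pw == LOCK_MARK and shell != NON_LOGIN_SHELL:
            hits.append(name)
    return sorted(hits)


SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
backup:*:34:34:backup:/var/backups:/bin/sh
ftp:x:100:65534::/home/ftp:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hash:11960:0:99999:7:::
daemon:*:11960:0:99999:7:::
ftp:*:11960:0:99999:7:::
alice:$1$constructed$hash2:11960:0:99999:7:::
"""

if __name__ == "__main__":
    for name in exposed_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("review:", name)
```

Accounts it reports are the ones to check for unexpected logins, and
to give /bin/false as a shell until PAM has been upgraded.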

The lockd file locking daemon distributed with Solaris is vulnerable
to a denial of service attack that can result in NFS requests that
require locking to hang or fail. While this denial of service attack
is under way, a lockd daemon started in debug mode (-d 1) will write a
log message similar to the following to /var/adm/messages:

"Oct 8 13:39:41 flower unix: svc_tli_kcreate returned 134"

Sun has released patches for Solaris 2.6, 7, 8, and 9 for SPARC-based
machines and Solaris x86 2.6, 7, and 8 for Intel-based machines.